Edgewall Software
Home
Trac
Trac Hacks
Genshi
Babel
Bitten
Home
Download
Documentation
Mailing Lists
License
FAQ
Search:
Login
Preferences
Help/Guide
About Trac
Wiki
Timeline
Roadmap
Browse Source
View Tickets
New Ticket
Search
Context Navigation
+0
Start Page
Index
History
Editing TracClientCertificates
Adjust edit area height:
8
12
16
20
24
28
32
36
40
Edit side-by-side
= Using SSL Client Certificates to log into Trac = == Set up your SSL PKI == I will not explain in detail how to set up SSL for Apache. There are a lot of good step-by-step guides out there that can help you in this: * In my opinion the best guide is this one: http://www.securityfocus.com/infocus/1818 * The official apache mod_ssl documentation can be found here: http://httpd.apache.org/docs/2.2/ssl/ I'll assume that you have the following by now: * a certificate for your Trac web server * client certificates for your users (already installed in their browsers) == How to configure mod_ssl == Here are the most important apache directives. Server configuration (httpd.conf): {{{ <IfModule mod_ssl.c> ... SSLVerifyClient require SSLVerifyDepth 1 SSLCACertificateFile /your/root/certificate.pem ... </IfModule> }}} Virtual host configuration: {{{ <VirtualHost xxx.xxx.xxx.xxx:443> ... SSLEngine on ... <Directory /> # We have to require SSL for the whole vhost to enforce # client certificate authentication. SSLRequireSSL ... </Directory> <Location /trac> # Here comes your trac CGI/FCGI/mod_python configuration ... </Location> <Location /login> # We do NOT use basic authentication here. Rather than setting REMOTE_USER # through apache's HTTP authentication mechanisms we'll set it directly as # the client certificate's common name. SSLUserName SSL_CLIENT_S_DN_CN </Location> ... </VirtualHost> }}}
Note:
See
WikiFormatting
and
TracWiki
for help on editing wiki content.
Change information
Your email or username:
E-mail address and name can be saved in the
Preferences
Comment about this change (optional):
Note:
See
TracWiki
for help on using the wiki.